Comcast says hackers stole personal data from millions of customers during a recent breach.
The data breach involved customers of the company’s cable and internet business Xfinity, Comcast announced Monday (Dec. 18).
According to a news release, Xfinity had learned of a vulnerability from software provider Citrix in October, which Xfinity “patched and mitigated.” But during a routine cybersecurity exercise weeks later, Xfinity spotted suspicious activity and concluded there had been unauthorized access to its system due to the vulnerability and notified law enforcement.
“After additional review of the affected systems and data, Xfinity concluded on December 6, 2023, that the customer information in scope included usernames and hashed passwords; for some customers, other information may also have been included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers,” the company said. “However, the data analysis is continuing.”
While the announcement does not provide a number for affected customers, a notice sent to the Maine Attorney General — flagged in a report by TechCrunch — says that 35.8 million people were impacted by the breach.
This security incident comes at the tail end of a year that has seen a number of companies deal with similar breaches, and in some cases lose business because of them.
The most recent example of this comes from VF Corporation, the owner of Vans, The North Face, Timberland and Dickies, which said this week it is having difficulty fulfilling orders following a cyberattack last week.
While consumers can place orders, the company said in a recent filing with the Securities and Exchange Commission (SEC) that the breach has hindered its ability to fill those orders.
“As the investigation of the incident is ongoing, the full scope, nature and impact of the incident are not yet known,” the company said in the filing. “As of the date of this filing, the incident has had and is reasonably likely to continue to have a material impact on the company’s business operations until recovery efforts are completed.”
Meanwhile, Ace Hardware reported last month that a cyberattack had hurt its warehouse management, invoice and other delivery systems, leaving it unable to fill online orders.
And Clorox reported earlier this year that a data breach had led to a significant decline in its quarterly sales.